[Freeipa-devel] RE: [Freeipa-interest] [Roadmap] Evolution

Dmitri Pal dpal at redhat.com
Mon Nov 3 20:58:06 UTC 2008


NOLLET Remy (CAMPUS) wrote:
> Yes surely,
>
> We did this in the way to get a centralized infrastructure server with a
> unique database as Active directory.
> We want to challenge AD on many Full Linux Infra domain.
>
> We need NTP relay, DNS server, Auth server, ACL server (for auth,
> right... ) etc...
> So first thing we did was to implement NTP relay and LDAP, SSH auth with
> a LDAP backend, and do a bind server with the same LDAP backend.
> For Sudoers, we test to implement it in LDAP Too. Fine. 
> After the way was to use group of server, users and group of users from
> this LDAP to simplify management.
> Now we:
> 	- declare servers on DNS/LDAP, 
> 	- declare posix users on LDAP,
> 	- put them on different groups NIS/POSIX
> 	- put ACLs in sudoers on LDAP
> 	- put ACLs for SSH Auth on LDAP too
> 		( it's the beginning of major GPO )
>
> We are looking on FreeIPA to get a friendly interface to manage all...
> We want to manage full/partial replication between LDAP.
> And manage user profile, printers etc...
>
> Maybe use this to integrate/authenticate Windows platform ;-))
>
> Isn't there any way to split your roadmap into finer phases?
>
> Kind Regards
>
> Remy
>   
Hm, we are doing pretty much the same thing.
We are embedding DNS, we are managing users, user groups, hosts, host 
groups...
We plan to manage policies for host based access, sudoers, SELinux etc.

And we are also looking at Samba integration down the road.
In v2 we really need to make a leap from LDAP+Kerberos to:
LDAP, Kerberos, CA, DNS, Policy engine, basic audit log collection, 
host management, client etc.
At least this is what we got from different sources to be a minimal 
subset of functionality we need to provide.
Without it it won't be attractive. Are you saying that a subset would be 
interesting in your case?
How would you slice this in different releases to meet your needs?

Thanks
Dmitri
